Not The Onion

13654 readers

431 users here now

Welcome

We're not The Onion! Not affiliated with them in any way! Not operated by them in any way! All the news here is real!

The Rules

Posts must be:

Links to news stories from...
...credible sources, with...
...their original headlines, that...
...would make people who see the headline think, “That has got to be a story from The Onion, America’s Finest News Source.”

Comments must abide by the server rules for Lemmy.world and generally abstain from trollish, bigoted, or otherwise disruptive behavior that makes this community less fun for everyone.

And that’s basically it!

founded 2 years ago

MODERATORS

[email protected]

496

Anyone Can Push Updates to the DOGE.gov Website (www.404media.co)

submitted 1 week ago by [email protected] to c/[email protected]

20 comments fedilink hide all child comments

"One coder added at least two database entries that are visible on the live site and say “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro.” "

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 37 points 1 week ago (12 children)

Yes. But how?

[–] [email protected] 133 points 1 week ago (10 children)

Here's an archived version of the article to get past the paywall. The hackers went to the network tab of their browser's developer console and noticed that the API calls to write to the database weren't password protected.

[–] [email protected] 23 points 1 week ago (6 children)

Compared with an SQL injection, how sophisticated is this method?

[–] [email protected] 31 points 1 week ago

Much much simpler, with a SQL injection at least you have to bypass the filters set, this is just submitting the changes through an API and the DB just eats it up.

load more comments (5 replies)

load more comments (8 replies)

load more comments (9 replies)